This article contains promotional content .(October 2019) |
Initial release | November 1, 2007 |
---|---|
Stable release | 2.5.1 / August 30, 2013 |
Written in | Java, PHP, C#, JavaScript, HTML |
Type | Web application framework |
License | Apache License 2.0 |
Website | opensocial |
OpenSocial is a public specification that outlines a set of common application programming interfaces (APIs) for web applications. Initially designed for social network applications, it was developed collaboratively by Google, MySpace and other social networks. It has since evolved into a runtime environment that allows third-party components, regardless of their trust level, to operate within an existing web application.
The OpenSocial Foundation has integrated or supported various Open Web technologies, including OAuth and OAuth 2.0, Activity Streams, and Portable Contacts. Since its inception on November 1, 2007, [1] applications that implement the OpenSocial APIs can interoperate with any social network system that supports them.
OpenSocial initially adopted a universal approach to development. As the platform matured and the user base expanded, it was modularized, allowing developers to include only necessary components of the platform. [2] Orkut, a Google client, was the first to support OpenSocial. [3]
On December 16, 2014, the World Wide Web Consortium (W3C) announced that the OpenSocial Foundation would transition its standards work to the W3C Social Web Activity. [4] This effectively integrated OpenSocial into the W3C’s Social Web Working Group and Social Interest Group, thereby dissolving OpenSocial as a separate entity.
In its 0.9 version, OpenSocial incorporated support for a tag-based language. [6] known as OSML. This language facilitates tag-based access to data from the OpenSocial APIs, which previously necessitated an asynchronous client-side request. Additionally, it established a comprehensive tag template system and adopted an expression language that is loosely based on the Java Expression Language.
From version 2.0 onwards, OpenSocial began supporting the Activity Streams format. [6]
OpenSocial is commonly described as a more open cross-platform alternative to the Facebook Platform, a proprietary service of the popular social network service Facebook. [7]
OpenSocial was rumored to be part of a larger social networking initiative by Google code-named "Maka-Maka", [8] [9] which is defined as meaning an "intimate friend with whom one is in terms of receiving and giving freely" in Hawaiian. [10]
An open-source project, Shindig, was launched in December 2007 to provide a reference implementation of the OpenSocial standards. It has the support of Google, Ning, and other companies developing OpenSocial-related software. The Myspace OpenSocial parser was released as project Negroni in January 2011 and provides a C#--based implementation of OpenSocial.
Apache Rave is a lightweight and open-standards-based extensible platform for using, integrating, and hosting OpenSocial and W3C Widget-related features technologies, and services. It will also provide strong context-aware personalization, collaboration, and content integration capabilities and a high-quality out-of-the-box installation as well as be easy to integrate into other platforms and solutions. [11]
Both Shindig and Apache Rave are no longer in development and have been retired by the Apache Foundation.
Enterprise websites, such as Friendster, hi5, LinkedIn, MySpace, Orkut, and Salesforce.com are major users of OpenSocial. [12]
Friendster has deployed APIs from version 0.7 of the OpenSocial specification, making it easy for existing OpenSocial applications using version 0.7 to be launched on Friendster and reach Friendster over 75 million users. Friendster also plans to support additional OpenSocial APIs in the coming months, including the new 0.8 APIs. [13]
hi5 taps Widgetbox support for OpenSocial to get access to the choice of web widgets Widgetbox provides. [14]
Myspace Developer Platform (MDP) is based on the OpenSocial API. It supports social networks to develop social and interacting widgets. It can be seen as an answer to Facebook's developer platform. [15]
Initial OpenSocial support experienced vulnerabilities in security, with a self-described amateur developer demonstrating exploits of the RockYou gadget on Plaxo, and Ning social networks using the iLike gadget. [16] As reported by TechCrunch on November 5, 2007, OpenSocial was quickly cracked. The total time to crack the OpenSocial-based iLike on Ning was 20 minutes, with the attacker being able to add and remove songs on a user's playlist and access the user's friend information. [17]
Häsel and Iacono showed that “OpenSocial specifications were far from being comprehensive in respect to security”. [18] They discussed different security implications in the context of OpenSocial. They introduced possible vulnerabilities in Message Integrity and Authentication, Message Confidentiality, and Identity Management and Access Control.
Despite the initial fanfare & news coverage, OpenSocial encountered many issues initially; it only ran on the Google-owned Orkut, and only with a limited number of devices, with multiple errors reported on other devices. Other networks were still looking into implementing the framework.
On December 6, TechCrunch followed up with a report by MediaPops founder Russ Whitman, who said, "While [they] were initially very excited, [they] have learned the hard way just how limited the release truly is." Russ added that "core functionality components" are missing and that "write once, distribute broadly" was not accurate. [19]
Legend: Discontinued Current
Version | Release date | Release notes |
---|---|---|
2.5.1 [20] | August 30, 2013 | View Release Notes |
2.5.0 [21] | August 28, 2012 | View Release Notes |
2.0.1 [22] | November 23, 2011 | View Release Notes |
2.0.0 [23] | August 18, 2011 | View Release Notes |
1.1.0 [24] | November 18, 2010 | View Release Notes |
1.0.0 [2] | March 9, 2010 | View Release Notes |
0.9.0 [25] | April 15, 2009 | View Release Notes |
0.8.1 [26] | September 25, 2008 | View Release Notes |
0.8.0 [27] | May 27, 2008 | View Release Notes |
0.7.0 [28] | January 25, 2008 | View Release Notes |
0.6.0 [29] | December 21, 2007 | View Release Notes |
0.5.0 [30] | November 9, 2007 | View Release Notes |
Changes to the REST API were made to address several issues that required changes in the OpenSocial specifications so the Open Mobile Alliance could use it.. [20]
Common Containers were added that provided "a set of common services that Container developers can leverage for features like in-browser Gadget lifecycle event callbacks, Embedded Experiences, selection handlers, and action handlers." [21] A new Metadata API gives OpenSocial applications the ability to adapt to the capabilities of different OpenSocial containers. The WAP authentication extension was deprecated.
OAuth 2.0 support was finalized in this version of OpenSocial. [22]
OpenSocial introduced support for Activity Streams. JSON had emerged as the preferred data format and support for ATOM was deprecated. The Gadget format was simplified to give the ability to define a template library within a Gadget specification. [23] While not finalized, the groundwork for OAuth 2.0 support was put in place.
In response to enterprise environment needs, OpenSocial added support for advanced mashup scenarios. It enabled gadgets to "securely message each other in a loosely coupled manner." [24] This new feature was called Inter-Gadget Communication.
OpenSocial acknowledged that the "one-size-fits-all" approach it was taking was not going to work for the diverse types of websites that had adopted the platform. To address this issue, OpenSocial is modularized into four compliance modules: Core API Server, Core Gadget Server, Social API Server, and Social Gadget Server. [2] This allowed a developer to pick and choose the modules they wanted to use while using other services that aren't part of OpenSocial. Extensions were introduced to allow developers to extend OpenSocial containers.
In response to feedback and observation of how developers were using the API, this version focused on making "application development, testing, and deployment easier and faster, while reducing the learning curve for new app developers." [25] The OpenSocial Javascript API was streamlined to make it lightweight while retaining the power of the old Javascript API. Proxied content was introduced to eliminate the need for developers to work around previous AJAX limitations. Proxied content allows content to be fetched from a URL and displayed in a <Content> tag. In response to a common use of sending data to a remote server immediately after a request, OpenSocial 0.9.0 introduced data pipelining. Data pipelining allows the developer to specify the social data the application will need and make the data immediately available. OpenSocial Templates were introduced to create data-driven UI with a separation of markup and programmatic logic. OpenSocial Markup Language (OSML Markup) is a new set of standardized tags to accomplish common tasks or safely perform normally unsafe operations within templates. OSML is extensible. Developers can create a library of their custom tags.
This minor release placed a major focus on server-to-server protocols as "the Person schema has been aligned with the Portable Contacts effort, and an optional RPC proposal has been added." [26] JSON-RPC protocol was added to increase server-to-server functionality. The RESTful protocol that was introduced in v0.8.0 underwent a large revision with several fields being added, modified, and deleted.
OpenSocial changed specifications for containers to implement a RESTful API. Many of the OpenSocial Javascript API changes made this version incompatible with previous versions. Existing gadgets continued to use v0.7.0. After updating the gadget, it would use v0.8.0. Security improved with the introduction of OAuth authorization and HTML sanitation, and container lifecycle events. [27] Persistence data was stored in JSON.
Released as the "first iteration that can fully support rich, social applications." [28] It added several standard fields for profile information, the ability to send a message to install an application, an Activity template to control activity notifications about what users have been doing, and a simplified persistence API to use feeds instead of global and instance-scoped application data. Another major announcement came from Apache Shindig. Apache Shindig-made gadgets are open-sourced. In coordination with this announcement, OpenSocial 0.7.0 introduced Gadget Specifications for developers to be able to define their gadgets using the Gadget API.
Security was a large focus in version 0.6.0. Permission controls were tightened to prevent a gadget from returning information if it is not authorized to do so. New classes were added, such as the Environment class to allow a gadget to respond differently according to its environment and the Surface class to support navigation from one surface to another. The Activities class was simplified based on developer needs and the Stream class was deprecated. [29]
Google announced the launch of OpenSocial with a pre-release of version 0.5.0. While unstable, this API introduced "various XML DTDs, Javascript interfaces and other data structures" [30] to the OpenSocial platform.
Google Developers is Google's site for software development tools and platforms, application programming interfaces (APIs), and technical resources. The site contains documentation on using Google developer tools and APIs—including discussion groups and blogs for developers using Google's developer products.
HTML5 is a markup language used for structuring and presenting hypertext documents on the World Wide Web. It was the fifth and final major HTML version that is now a retired World Wide Web Consortium (W3C) recommendation. The current specification is known as the HTML Living Standard. It is maintained by the Web Hypertext Application Technology Working Group (WHATWG), a consortium of the major browser vendors.
OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Meta Platforms, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.
A software widget is a relatively simple and easy-to-use software application or component made for one or more different software platforms.
WebRTC is a free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via application programming interfaces (APIs). It allows audio and video communication and streaming to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps.
BaseX is a native and light-weight XML database management system and XQuery processor, developed as a community project on GitHub. It is specialized in storing, querying, and visualizing large XML documents and collections. BaseX is platform-independent and distributed under the BSD-3-Clause license.
Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.
HTML audio is a subject of the HTML specification, incorporating audio input, playback, and synthesis, as well as speech to text, all in the browser.
User-Managed Access (UMA) is an OAuth-based access management protocol standard for party-to-party authorization. Version 1.0 of the standard was approved by the Kantara Initiative on March 23, 2015.
Distributed social network projects generally develop software, protocols, or both.
Google APIs are application programming interfaces (APIs) developed by Google which allow communication with Google Services and their integration to other services. Examples of these include Search, Gmail, Translate or Google Maps. Third-party apps can use these APIs to take advantage of or extend the functionality of the existing services.
Media Source Extensions (MSE) is a W3C specification that allows JavaScript to send byte streams to media codecs within web browsers that support HTML video and audio. Among other possible uses, this allows the implementation of client-side prefetching and buffering code for streaming media entirely in JavaScript. It is compatible with, but should not be confused with, the Encrypted Media Extensions (EME) specification, and neither requires the use of the other, although many EME implementations are only capable of decrypting media data provided via MSE.
Brotli is a lossless data compression algorithm developed by Google. It uses a combination of the general-purpose LZ77 lossless compression algorithm, Huffman coding and 2nd-order context modelling. Brotli is primarily used by web servers and content delivery networks to compress HTTP content, making internet websites load faster. A successor to gzip, it is supported by all major web browsers and has become increasingly popular, as it provides better compression than gzip.
Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards. It is succeeded by the FIDO2 Project, which includes the W3C Web Authentication (WebAuthn) standard and the FIDO Alliance's Client to Authenticator Protocol 2 (CTAP2).
WebAssembly (Wasm) defines a portable binary-code format and a corresponding text format for executable programs as well as software interfaces for facilitating communication between such programs and their host environment.
WebXR Device API is a Web application programming interface (API) that describes support for accessing augmented reality and virtual reality devices, such as the HTC Vive, Oculus Rift, Meta Quest, Google Cardboard, HoloLens, Apple Vision Pro, Magic Leap or Open Source Virtual Reality (OSVR), in a web browser. The WebXR Device API and related APIs are standards defined by W3C groups, the Immersive Web Community Group and Immersive Web Working Group. While the Community Group works on the proposals in the incubation period, the Working Group defines the final web specifications to be implemented by the browsers.
Eclipse Che is an open-source, Java-based developer workspace server and online IDE. It includes a multi-user remote development platform. The workspace server comes with a flexible RESTful webservice. It also contains a SDK for creating plug-ins for languages, frameworks or tools. Eclipse Che is an Eclipse Cloud Development (ECD) top-level project, allowing contributions from the user community.
ActivityPub is a protocol and open standard for decentralized social networking. It provides a client-to-server API for creating and modifying content, as well as a federated server-to-server (S2S) protocol for delivering notifications and content to other servers. ActivityPub has become the main standard used in the fediverse, a popular network used for social networking that consists of software such as Mastodon, Pixelfed and PeerTube.